| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-35858 |
400 |
|
DoS Exec Code |
2020-12-31 |
2021-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM). |
|
2 |
CVE-2020-35781 |
|
|
DoS |
2020-12-30 |
2020-12-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. |
|
3 |
CVE-2020-35780 |
|
|
DoS |
2020-12-30 |
2020-12-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. |
|
4 |
CVE-2020-35779 |
|
|
DoS |
2020-12-30 |
2020-12-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. |
|
5 |
CVE-2020-35716 |
|
|
DoS |
2020-12-26 |
2020-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. |
|
6 |
CVE-2020-35680 |
476 |
|
DoS |
2020-12-24 |
2021-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. |
|
7 |
CVE-2020-35609 |
74 |
|
DoS |
2020-12-22 |
2020-12-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. |
|
8 |
CVE-2020-35579 |
|
|
DoS |
2020-12-20 |
2020-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and a denial of service may occur. |
|
9 |
CVE-2020-35573 |
400 |
|
DoS |
2020-12-20 |
2020-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. |
|
10 |
CVE-2020-35553 |
920 |
|
DoS |
2020-12-18 |
2020-12-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020). |
|
11 |
CVE-2020-35548 |
|
|
DoS |
2020-12-18 |
2020-12-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). |
|
12 |
CVE-2020-35381 |
|
|
DoS |
2020-12-15 |
2021-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. |
|
13 |
CVE-2020-35380 |
|
|
DoS |
2020-12-15 |
2020-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. |
|
14 |
CVE-2020-29652 |
476 |
|
DoS |
2020-12-17 |
2020-12-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. |
|
15 |
CVE-2020-29651 |
|
|
DoS |
2020-12-09 |
2021-01-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. |
|
16 |
CVE-2020-29596 |
120 |
|
DoS |
2020-12-21 |
2020-12-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. |
|
17 |
CVE-2020-29571 |
476 |
|
DoS |
2020-12-15 |
2021-03-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable. |
|
18 |
CVE-2020-29570 |
770 |
|
DoS |
2020-12-15 |
2021-03-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. |
|
19 |
CVE-2020-29567 |
770 |
|
DoS |
2020-12-15 |
2021-03-09 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability. |
|
20 |
CVE-2020-29566 |
674 |
|
DoS Overflow |
2020-12-15 |
2021-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has completed its operation, via an event channel, so that the relevant vCPU is rescheduled. If the device model were to signal Xen without having actually completed the operation, the de-schedule / re-schedule cycle would repeat. If, in addition, Xen is resignalled very quickly, the re-schedule may occur before the de-schedule was fully complete, triggering a shortcut. This potentially repeating process uses ordinary recursive function calls, and thus could result in a stack overflow. A malicious or buggy stubdomain serving a HVM guest can cause Xen to crash, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are affected. Arm systems are not affected. Only x86 stubdomains serving HVM guests can exploit the vulnerability. |
|
21 |
CVE-2020-29562 |
617 |
|
DoS |
2020-12-04 |
2021-03-19 |
2.1 |
None |
Remote |
High |
??? |
None |
None |
Partial |
|
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. |
|
22 |
CVE-2020-29487 |
770 |
|
DoS |
2020-12-15 |
2020-12-22 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable. |
|
23 |
CVE-2020-29486 |
770 |
|
DoS |
2020-12-15 |
2021-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory A malicious guest administrator can cause a denial of service against a specific guest or against the whole host. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. |
|
24 |
CVE-2020-29484 |
476 |
|
DoS |
2020-12-15 |
2021-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any communication with xenstored is done via Xenstore messages, consisting of a message header and the payload. The payload length is limited to 4096 bytes. Any request to xenstored resulting in a response with a payload longer than 4096 bytes will result in an error. When registering a watch, the payload length limit applies to the combined length of the watched path and the specified tag. Because watches for a specific path are also triggered for all nodes below that path, the payload of a watch event message can be longer than the payload needed to register the watch. A malicious guest that registers a watch using a very large tag (i.e., with a registration operation payload length close to the 4096 byte limit) can cause the generation of watch events with a payload length larger than 4096 bytes, by writing to Xenstore entries below the watched path. This will result in an error condition in xenstored. This error can result in a NULL pointer dereference, leading to a crash of xenstored. A malicious guest administrator can cause xenstored to crash, leading to a denial of service. Following a xenstored crash, domains may continue to run, but management operations will be impossible. Only C xenstored is affected, oxenstored is not affected. |
|
25 |
CVE-2020-29483 |
416 |
|
DoS |
2020-12-15 |
2021-03-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's internal management, resulting in the same actions as if the guest had been destroyed, including sending an @releaseDomain event. @releaseDomain events do not say that the guest has been removed. All watchers of this event must look at the states of all guests to find the guest that has been removed. When an @releaseDomain is generated due to a domain xenstored protocol violation, because the guest is still running, the watchers will not react. Later, when the guest is actually destroyed, xenstored will no longer have it stored in its internal data base, so no further @releaseDomain event will be sent. This can lead to a zombie domain; memory mappings of that guest's memory will not be removed, due to the missing event. This zombie domain will be cleaned up only after another domain is destroyed, as that will trigger another @releaseDomain event. If the device model of the guest that violated the Xenstore protocol is running in a stub-domain, a use-after-free case could happen in xenstored, after having removed the guest from its internal data base, possibly resulting in a crash of xenstored. A malicious guest can block resources of the host for a period after its own death. Guests with a stub domain device model can eventually crash xenstored, resulting in a more serious denial of service (the prevention of any further domain management operations). Only the C variant of Xenstore is affected; the Ocaml variant is not affected. Only HVM guests with a stubdom device model can cause a serious DoS. |
|
26 |
CVE-2020-29479 |
732 |
|
DoS |
2020-12-15 |
2021-03-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable. |
|
27 |
CVE-2020-29447 |
434 |
|
DoS |
2020-12-21 |
2020-12-22 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. |
|
28 |
CVE-2020-29441 |
434 |
|
DoS |
2020-11-30 |
2020-12-04 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. |
|
29 |
CVE-2020-29385 |
835 |
|
DoS Exec Code |
2020-12-26 |
2021-03-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. |
|
30 |
CVE-2020-29194 |
|
|
DoS |
2020-12-28 |
2020-12-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. |
|
31 |
CVE-2020-29057 |
|
|
DoS |
2020-11-24 |
2021-03-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. |
|
32 |
CVE-2020-29040 |
193 |
|
DoS +Priv |
2020-11-24 |
2021-01-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. |
|
33 |
CVE-2020-28975 |
|
|
DoS |
2020-11-21 |
2020-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. |
|
34 |
CVE-2020-28941 |
763 |
|
DoS |
2020-11-19 |
2020-12-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. |
|
35 |
CVE-2020-28935 |
59 |
|
DoS |
2020-12-07 |
2021-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. |
|
36 |
CVE-2020-28864 |
120 |
|
DoS Overflow |
2020-11-23 |
2020-12-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. |
|
37 |
CVE-2020-28362 |
295 |
|
DoS |
2020-11-18 |
2021-02-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. |
|
38 |
CVE-2020-28349 |
20 |
|
DoS |
2020-11-09 |
2020-11-19 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
** DISPUTED ** An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network." |
|
39 |
CVE-2020-28283 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
40 |
CVE-2020-28282 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
41 |
CVE-2020-28281 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
42 |
CVE-2020-28280 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
43 |
CVE-2020-28279 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
44 |
CVE-2020-28278 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. |
|
45 |
CVE-2020-28277 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. |
|
46 |
CVE-2020-28276 |
|
|
DoS Exec Code |
2020-12-29 |
2020-12-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. |
|
47 |
CVE-2020-28274 |
|
|
DoS Exec Code |
2020-12-08 |
2020-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. |
|
48 |
CVE-2020-28273 |
|
|
DoS Exec Code |
2020-12-02 |
2020-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. |
|
49 |
CVE-2020-28272 |
|
|
DoS Exec Code |
2020-12-02 |
2020-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. |
|
50 |
CVE-2020-28271 |
20 |
|
DoS Exec Code |
2020-11-12 |
2020-11-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. |
